Skip to content

Commit 5050ea7

Browse files
authored
Merge pull request #1851 from CVEProject/af-1842
Resolves Issue #1842: updateUser UUID correction
2 parents 7122119 + 7ff2596 commit 5050ea7

2 files changed

Lines changed: 114 additions & 5 deletions

File tree

src/controller/registry-user.controller/registry-user.controller.js

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -400,9 +400,8 @@ async function updateUser (req, res, next) {
400400
}
401401
}
402402

403-
// Move lookups of immutable properties BEFORE the transaction mutation writes to completely bypass read-after-write anomalies
404403
const requestingUserUUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org, { session })
405-
updatedUserUUID = await userRepo.getUserUUID(req.ctx.user, org.UUID, { session })
404+
updatedUserUUID = userToEdit.UUID
406405

407406
updatedUser = await userRepo.updateUserFull(userToEdit.UUID, body, { session }, true, requestingUserUUID)
408407
await session.commitTransaction()
@@ -454,9 +453,9 @@ async function deleteUser (req, res, next) {
454453
action: 'delete_registry_user',
455454
change: user.username + ' was successfully deleted.',
456455
req_UUID: req.ctx.uuid,
457-
org_UUID: await orgRepo.getOrgUUID(req.ctx.org)
456+
org_UUID: await orgRepo.getOrgUUID(req.ctx.org),
457+
user_UUID: user.UUID
458458
}
459-
payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, payload.org_UUID)
460459
logger.info(JSON.stringify(payload))
461460

462461
const responseMessage = {

test/integration-tests/registry-user/registryUserCRUDTest.js

Lines changed: 111 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,125 @@
11
const chai = require('chai')
22
const expect = chai.expect
33
chai.use(require('chai-http'))
4+
const sinon = require('sinon')
5+
const { v4: uuidv4 } = require('uuid')
46

57
const constants = require('../constants.js')
68
const app = require('../../../src/index.js')
9+
const logger = require('../../../src/middleware/logger')
710

811
const secretariatHeaders = { ...constants.headers, 'content-type': 'application/json' }
912

13+
const getLoggedPayload = (loggerInfoStub, action) => {
14+
return loggerInfoStub.getCalls()
15+
.map(call => call.args[0])
16+
.filter(arg => typeof arg === 'string')
17+
.map((arg) => {
18+
try {
19+
return JSON.parse(arg)
20+
} catch {
21+
return null
22+
}
23+
})
24+
.find(payload => payload?.action === action)
25+
}
26+
27+
const postNewOrg = async (shortName) => {
28+
return chai.request(app)
29+
.post('/api/registry/org')
30+
.set(secretariatHeaders)
31+
.send({
32+
short_name: shortName,
33+
long_name: shortName,
34+
authority: ['CNA'],
35+
id_quota: 1000
36+
})
37+
}
38+
39+
const postNewUser = async (orgShortName, username) => {
40+
return chai.request(app)
41+
.post(`/api/registryUser/${orgShortName}`)
42+
.set(secretariatHeaders)
43+
.send({
44+
username,
45+
name: {
46+
first: 'Registry',
47+
last: 'User'
48+
},
49+
status: 'active'
50+
})
51+
}
52+
53+
const createRegistryUser = async () => {
54+
const orgShortName = `reguser${uuidv4().replace(/-/g, '').slice(0, 12)}`
55+
const username = `user_${uuidv4().replace(/-/g, '').slice(0, 12)}@example.com`
56+
57+
await postNewOrg(orgShortName)
58+
.then((res) => {
59+
expect(res).to.have.status(200)
60+
})
61+
62+
let createdUser
63+
await postNewUser(orgShortName, username)
64+
.then((res) => {
65+
expect(res).to.have.status(200)
66+
createdUser = res.body.created
67+
})
68+
69+
return { orgShortName, createdUser }
70+
}
71+
1072
describe('Testing /registryUser endpoints', () => {
1173
context('Positive Tests', () => {
12-
// TODO
74+
it('Logs the updated user UUID when updating a registry user by identifier', async () => {
75+
const { createdUser } = await createRegistryUser()
76+
const loggerInfoStub = sinon.stub(logger, 'info')
77+
78+
try {
79+
await chai.request(app)
80+
.put(`/api/registryUser/${createdUser.UUID}`)
81+
.set(secretariatHeaders)
82+
.send({
83+
UUID: createdUser.UUID,
84+
username: createdUser.username,
85+
name: {
86+
first: 'Updated',
87+
last: 'User'
88+
},
89+
status: 'active'
90+
})
91+
.then((res) => {
92+
expect(res).to.have.status(200)
93+
expect(res.body.updated.UUID).to.equal(createdUser.UUID)
94+
})
95+
96+
const payload = getLoggedPayload(loggerInfoStub, 'update_registry_user')
97+
expect(payload).to.not.equal(undefined)
98+
expect(payload.user_UUID).to.equal(createdUser.UUID)
99+
} finally {
100+
loggerInfoStub.restore()
101+
}
102+
})
103+
104+
it('Logs the deleted user UUID when deleting a registry user by identifier', async () => {
105+
const { createdUser } = await createRegistryUser()
106+
const loggerInfoStub = sinon.stub(logger, 'info')
107+
108+
try {
109+
await chai.request(app)
110+
.delete(`/api/registryUser/${createdUser.UUID}`)
111+
.set(secretariatHeaders)
112+
.then((res) => {
113+
expect(res).to.have.status(200)
114+
})
115+
116+
const payload = getLoggedPayload(loggerInfoStub, 'delete_registry_user')
117+
expect(payload).to.not.equal(undefined)
118+
expect(payload.user_UUID).to.equal(createdUser.UUID)
119+
} finally {
120+
loggerInfoStub.restore()
121+
}
122+
})
13123
})
14124
context('Negative Tests', () => {
15125
it('Fails when page query parameter is not an integer', async () => {

0 commit comments

Comments
 (0)